Age | Commit message (Collapse) | Author | Files | Lines |
|
- Add protocol sequence to dcerpc transports (will be used later on)
- Add more transports to the list
(This used to be commit ab110192e6e2c1e5a3b2befe7b61158744f15d18)
|
|
(This used to be commit 53567a83cbca9df60bef76a15df24d2cd89a16b0)
|
|
it is removed from the pending list.
(This used to be commit 33176e9751374de3b5dc3f5f9b19c6824140d90a)
|
|
ensure we don't segfault on the cleanup from an incomplete schannel
bind.
Andrew Bartlett
(This used to be commit 173f29a1d8db111d5adb258eead5379d681d3bb2)
|
|
backslash works, but is not like Windows does it.
(This used to be commit f6deb3d065e1a88f92bcb8a4a138453650c97b0b)
|
|
(This used to be commit 7771b5d8fa3db759487474eb7172df45bb3221ae)
|
|
specifying a endpoint is now also 'endpoint' instead of 'endpoints'. The
default endpoint (if none is specified) is still "ncacn_np:[\\pipe\\ifacename]",
where ifacename is the name of the interface.
Examples:
[
uuid(60a15ec5-4de8-11d7-a637-005056a20182),
endpoint("ncacn_np:[\\pipe\\rpcecho]", "ncacn_ip_tcp:")
]
interface rpcecho
{
void dummy();
}
dcerpc_binding is now converted to ep_description in the server, but I hope to
completely eliminate ep_description later on.
The eventual goal of all these changes is to make it easier to add
transports as I'm going to add support for
ncalrpc (local RPC over named pipes) and ncacn_unix_stream (Unix sockets).
(This used to be commit f3da7c8b443a29b0c656c687a277384ae1353792)
|
|
[] is now mandatory
: after the hostname is no longer allowed
examples of allowed binding strings:
ncacn_np:myhost[samr]
ncacn_ip_tcp:10.0.0.1[1045]
ncacn_ip_tcp:2001:7b8:37b:1:210:dcff:fecb:a9e3[1024,sign,seal]
ncacn_np:myhost
ncacn_ip_tcp:192.168.4.2
308FB580-1EB2-11CA-923B-08002B1075A7@ncacn_ip_tcp:192.168.4.2
308FB580-1EB2-11CA-923B-08002B1075A7@ncacn_ip_tcp:192.168.4.2[,print]
Note that the last two lines are not recognized by smbtorture as a binding
string yet. dcerpc_parse_binding() does accept them though.
(This used to be commit c15862e778507287bddef7967383d4b5d22eaee9)
|
|
- added the new messaging system, based on unix domain sockets. It
gets over 10k messages/second on my laptop without any socket
cacheing, which is better than I expected.
- added a LOCAL-MESSAGING torture test
(This used to be commit 3af06478da7ab34a272226d8d9ac87e0a4940cfb)
|
|
the [gensize] property to a struct or union will make pidl generate a
ndr_size_*() function.
(not all nasty bits of NDR are completely covered yet by the
ndr_size*() functions, support for those will be added when necessary)
I also have a local patch (not applied now) that simplifies the pidl output
and eliminates the number of functions required. It would, however, make
pidl more complex.
(This used to be commit 7c823f886afd0c4c6ee838f17882ca0658417011)
|
|
that can generate these kinds of functions
(This used to be commit ebca2516502560edfd4056fbb4cfc9718a108efa)
|
|
(This used to be commit 273d0049b5339e3288b264e5a4393bfab1d4e239)
|
|
the current ones. It took me three hours to realise that the DCOM standard
contains false protocol numbers (apparently someone converted the protocol
numbers to hex twice, i.e. 13 -> 0c and 14 to 0d). There are no longer
duplicates in the list with protocol numbers now.
(This used to be commit f355cd426462a72575ef3c3b769f676334976986)
|
|
"sign", "seal" or "connect"
(This used to be commit f3adabf6896b75f5293dbde3f9de737f35d95a10)
|
|
possible to a structure creation routine. This makes for much easier
global cleanup.
(This used to be commit e14ee428ec357fab76a960387a9820a673786e27)
|
|
simplifies things quite a bit
(This used to be commit c82a9cf750829c4f6982ca3133295c8599023c4e)
|
|
a const pointer really means that "the data pointed to by this pointer
won't change", and that is certainly true of talloc(). The fact that
some behind-the-scenes meta-data can change doesn't matter from the
point of view of const.
this fixes a number of const warnings caused by const data structures
being passed as talloc contexts. That will no longer generate a
warning.
also changed the talloc leak reporting option from --leak-check to
--leak-report, as all it does is generate a report on exit. A new
--leak-report-full option has been added that shows the complete tree
of memory allocations, which is is quite useful in tracking things down.
NOTE: I find it quite useful to insert talloc_report_full(ptr, stderr)
calls at strategic points in the code while debugging memory
allocation problems, particularly before freeing a major context (such
as the connection context). This allows you to see if that context has
been accumulating too much data, such as per-request data, which
should have been freed when the request finished.
(This used to be commit c60ff99c3129c26a9204bac1c6e5fb386114a923)
|
|
taking a context (so when you pass a NULL pointer you end up with
memory in a top level context). Fixed it by changing the API to take a
context. The context is only used if the pointer you are reallocing is
NULL.
(This used to be commit 8dc23821c9f54b2f13049b5e608a0cafb81aa540)
|
|
the cli context too
(This used to be commit 417d0c0ba182aab3a3a23db76ff7ac7cbc663cb6)
|
|
rather than manual reference counts
- properly support SMBexit in the cifs and posix backends
- added a logoff method to all backends
With these changes the RAW-CONTEXT test now passes against the posix backend
(This used to be commit c315d6ac1cc40546fde1474702a6d66d07ee13c8)
|
|
also fixes a memory leak found with --leak-check.
(This used to be commit f19201ea274f0a542314c61c4af676197bf154ad)
|
|
(This used to be commit 56ecda2178e33508c55c6195ccec41c06e099d6f)
|
|
by making our gensec structures a talloc child of the open connection
we can be sure that it will be destroyed when the connection is
dropped.
(This used to be commit f12ee2f241aab1549bc1d9ca4c35a35a1ca0d09d)
|
|
hierarchical memory allocation
(This used to be commit 26da45a8019a2d6c9ff2ac2a6739c7d0b42b00de)
|
|
name in our code
(This used to be commit 458f85328850905db8e9808d02898c69b5f9b872)
|
|
server. CONNECT security uses NTLMSSP, but does not do any signing or
sealing (or equivalently, its like signing, but with a zero filled
checksum).
(This used to be commit f4660857bc708db7f5aa7487bf7ab04bffe68928)
|
|
Implemented using the POSIX getaddrinfo() call (specified by POSIX 1003.1-2003 and 2553)
I'm not sure how portable this function is, so we might have to add a sys_getaddrinfo() later on.
(This used to be commit 0fb0530389751c6fb4ca58f5e9a0f23491699f17)
|
|
server
closes the connetion and we got EBADF from select() and event_loop_once() fails
metze
(This used to be commit 9c0e50a6f3d628156b4543d5ded89e06be696f64)
|
|
(This used to be commit 04aec4c0a3f559f6a9ccfaf990f3a2ff2e6f48df)
|
|
recently, and this broke the autoidl code)
(This used to be commit 01d66f68f6b21dc9b5c0702edcd4f56daeae9b9d)
|
|
(This used to be commit 09651b831d085345dd385bc9777f97e1c0d57c6f)
|
|
NTLM sign
NTLM sign+seal
NTLM2 sign
NTLM2 sign+seal
and all of the above both with and without key exchange
the NTLM2 seal case is ugly and involves an extra data copy, which
some API changes in gensec or the ndr layer might avoid in future.
(This used to be commit fce7a4218b3136d880dd1a123e8525e3091bbed8)
|
|
Andrew Bartlett
(This used to be commit 49171e420337136d3e66300f99fa1885051e5b61)
|
|
This means that 'require NTLMv2 session security' now works for RPC
pipe signing. We don't yet have sealing, but it can't be much further.
This is almost all tridge's code, munged into a form that can work
with the GENSEC API.
This commit also includes more lsakey fixes - that key is used for all
DCE-RPC level authenticated connections, even over CIFS/ncacn_np.
No doubt I missed something, but I'm going to get some sleep :-)
Andrew Bartlett
(This used to be commit a1fe175eec884280fb7e9ca8f528134cf4600beb)
|
|
(This used to be commit 22a6e5d50d2d40c2dfc5e36bce1132b92723dd81)
|
|
(This used to be commit f6ea24296acaaadcd2d59740bc88ef1a93fb1c28)
|
|
(This used to be commit 6c1a72c5d667245b1eec94f58e68acd22dd720ce)
|
|
a dcerpc_pipe structure as we discussed this morning.
(This used to be commit 79969dc8daf5fdaacd26135a200ecec0b4d7663c)
|
|
also add a demonstration of its use in the netlogon async example
(This used to be commit f2a0438c66b999189c1a2ad726e91efd0748eb90)
|
|
(This used to be commit 7256945b526a1ee68d18eb579e592f7389740c22)
|
|
bytes to make sure they are zero. Non-zero values usually indicate one
of two things:
- the server is leaking data through sending uninitialised memory
- we have mistaken a real field in the IDL for padding
to differentiate between the two you really need to run with
"print,padcheck" and look carefully at whether the non-zero pad bytes
are random or appear to be deliberate.
(This used to be commit 7fdb778f81f14aaab75ab204431e4342a462957a)
|
|
The fix uses the new talloc_increase_ref_count() function in an
interesting way. I suspect this sort of technique will become quite
common.
(This used to be commit a86e629a39baf0ba2a6bb347eb9b72551c1477ff)
|
|
use readx/writex instead of the more efficient SMBtrans calls. This
patch restores the efficiency by using SMBtrans when possible.
(This used to be commit 83fbe080e7fcdf4168d85f654b802dc4538b8984)
|
|
generate a separate *_send() async function for every RPC call, and
there is a single dcerpc_ndr_request_recv() call that processes the
receive side of any rpc call. The caller can use
dcerpc_event_context() to get a pointer to the event context for the
pipe so that events can be waited for asynchronously.
The only part that remains synchronous is the initial bind
calls. These could also be made async if necessary, although I suspect
most applications won't need them to be.
(This used to be commit f5d004d8eb8c76c03342cace1976b27266cfa1f0)
|
|
The bug (found by tridge) is that Win2k3 is being tighter about the
NTLMSSP flags. If we don't negotiate sealing, we can't use it.
We now have a way to indicate to the GENSEC implementation mechanisms
what things we want for a connection.
Andrew Bartlett
(This used to be commit 86f61568ea44c5719f9b583beeeefb12e0c26f4c)
|
|
byte padding of the payload portion of the packet.
(This used to be commit 271831f97f3952838557bf5034c1e435b33cb14a)
|
|
for me).
Fix indent, and add a few more useful debug messages.
Send a fault, if the bind is not accepted - don't just leave the client hanging.
Andrew Bartlett
(This used to be commit 486215edc1148ad754632be37760dc0d38b0340d)
|
|
This version does the following:
1) talloc_free(), talloc_realloc() and talloc_steal() lose their
(redundent) first arguments
2) you can use _any_ talloc pointer as a talloc context to allocate
more memory. This allows you to create complex data structures
where the top level structure is the logical parent of the next
level down, and those are the parents of the level below
that. Then destroy either the lot with a single talloc_free() or
destroy any sub-part with a talloc_free() of that part
3) you can name any pointer. Use talloc_named() which is just like
talloc() but takes the printf style name argument as well as the
parent context and the size.
The whole thing ends up being a very simple piece of code, although
some of the pointer walking gets hairy.
So far, I'm just using the new talloc() like the old one. The next
step is to actually take advantage of the new interface
properly. Expect some new commits soon that simplify some common
coding styles in samba4 by using the new talloc().
(This used to be commit e35bb094c52e550b3105dd1638d8d90de71d854f)
|
|
this should be used in the torture tests when we got NT_STATU_NET_WRITE_FAULT
metze
(This used to be commit 964748389bb7560ba141d71bb9256a8552c7db92)
|
|
when it gets NT_STATUS_NET_WRITE_FAULT
metze
(This used to be commit 084845c1ab5e8acdb91f1d93b87d3f58e5de1bfd)
|